UBUNTU-CVE-2024-42332

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2024-42332

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-42332.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2024-42332

Related

CVE-2024-42332

Published

2024-11-27T12:15:00Z

Modified

2025-01-13T10:25:55Z

Summary

[none]

Details

The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attack requires an SNMP item to be configured as text on the target host.

References

Affected packages

Ubuntu:Pro:14.04:LTS / zabbix

Package

Name: zabbix
Purl: pkg:deb/ubuntu/zabbix@1:2.2.2+dfsg-1ubuntu1+esm5?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:2.*

1:2.0.6+dfsg-1ubuntu2

1:2.2.0+dfsg-1ubuntu1

1:2.2.0+dfsg-6ubuntu1

1:2.2.1+dfsg-1ubuntu3

1:2.2.2+dfsg-1ubuntu1

1:2.2.2+dfsg-1ubuntu1+esm1

1:2.2.2+dfsg-1ubuntu1+esm3

1:2.2.2+dfsg-1ubuntu1+esm4

1:2.2.2+dfsg-1ubuntu1+esm5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / zabbix

Package

Name: zabbix
Purl: pkg:deb/ubuntu/zabbix@1:2.4.7+dfsg-2ubuntu2.1+esm4?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:2.*

1:2.4.6+dfsg-1

1:2.4.7+dfsg-1

1:2.4.7+dfsg-2

1:2.4.7+dfsg-2ubuntu2

1:2.4.7+dfsg-2ubuntu2.1

1:2.4.7+dfsg-2ubuntu2.1+esm1

1:2.4.7+dfsg-2ubuntu2.1+esm2

1:2.4.7+dfsg-2ubuntu2.1+esm3

1:2.4.7+dfsg-2ubuntu2.1+esm4

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / zabbix

Package

Name: zabbix
Purl: pkg:deb/ubuntu/zabbix@1:3.0.12+dfsg-1ubuntu0.1~esm4?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:3.*

1:3.0.7+dfsg-3

1:3.0.12+dfsg-1

1:3.0.12+dfsg-1ubuntu0.1~esm1

1:3.0.12+dfsg-1ubuntu0.1~esm2

1:3.0.12+dfsg-1ubuntu0.1~esm3

1:3.0.12+dfsg-1ubuntu0.1~esm4

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / zabbix

Package

Name: zabbix
Purl: pkg:deb/ubuntu/zabbix@1:4.0.17+dfsg-1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:4.*

1:4.0.4+dfsg-1build2

1:4.0.4+dfsg-1build3

1:4.0.11+dfsg-1

1:4.0.14+dfsg-1

1:4.0.15+dfsg-1

1:4.0.16+dfsg-1

1:4.0.16+dfsg-1build1

1:4.0.17+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / zabbix

Package

Name: zabbix
Purl: pkg:deb/ubuntu/zabbix@1:5.0.17+dfsg-1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:5.*

1:5.0.8+dfsg-1build1

1:5.0.14+dfsg-1

1:5.0.17+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / zabbix

Package

Name: zabbix
Purl: pkg:deb/ubuntu/zabbix@1:7.0.2+dfsg-1?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:6.*

1:6.0.29+dfsg-1

1:7.*

1:7.0.0+dfsg-1

1:7.0.0+dfsg-2

1:7.0.1+dfsg-1

1:7.0.2+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}